Google protobuf-java 3.0.0 Alpha 2

CPE Details

Google protobuf-java 3.0.0 Alpha 2
google
protobuf-java
3.0.0
2022-12-13
19h07 +00:00
2022-12-13
19h28 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:google:protobuf-java:3.0.0:alpha2:*:*:*:*:*:*

Informations

Vendor

google

Product

protobuf-java

Version

3.0.0

Update

alpha2

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2022-3171 2022-10-11 22h00 +00:00 A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above.
7.5
High
CVE-2021-22569 2022-01-06 23h00 +00:00 An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order. A small malicious payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause frequent, repeated pauses. We recommend upgrading libraries beyond the vulnerable versions.
7.5
High